基于格的最优轮数口令认证秘密共享协议

Lattice-Based Round-Optimal Password Authenticated Secret Sharing Protocol

口令认证秘密共享将口令认证和秘密共享相结合,是一个贴合实际用户需求的分布式方案。该协议允许一个用户在多个服务器间共享秘密,并且只需要记忆一个简短口令即可在后续同时完成身份验证以及秘密恢复。协议安全性保证只要敌手控制的服务器不超过阈值,敌手就不能从协议中窃取任何有关口令和秘密的信息。口令认证秘密共享方案最初基于离散对数及其变体的假设,不能抵抗量子攻击,因此找到量子安全的构造成为亟需解决的问题。ROY等人提出一种恶意安全且量子安全的构造,但其通信轮数并非最优,在有恶意敌手干扰的情况下,轮数甚至不再是常数。针对轮数优化问题,文章利用可验证不经意伪随机函数原语,给出了基于格的最优轮数的量子安全构造并严格证明了其安全性。此外,协议保证多数诚实服务器场景时,诚实用户一定能在最优轮数内成功恢复正确的秘密,具有很强的鲁棒性。

The combination of password authentication and secret sharing in Password-Protected Secret Sharing(PPSS)schemes presents a distributed solution that aligns with practical user needs.This protocol allows a user to share secrets among multiple servers,only requiring the memorization of a short password for subsequent simultaneous authentication and secret reconstruction.The security ensures that as long as the adversary does not corrupt servers beyond a threshold,it cannot reveal any information related to password or the secrets from the protocol.The PPSS schemes were initially based on discrete-loghardness assumptions and their variants,making them vulnerable to quantum attacks.Finding a quantum-secure construction has thus become an urgent problem to address.Roy et al.introduced a quantum-secure construction against malicious adversaries,but its communication rounds are not optimal and even not be constant in the presence of malicious adversaries.Addressing the issue of optimizing protocol rounds,this paper firstly introduced a lattice-based quantum-secure construction with optimal rounds,using a Verifiable Oblivious Pseudorandom Function(V-OPRF)primitive and then rigorously proved security of the protocol.Furthermore,the protocol ensured that in scenarios with a majority of honest servers,an honest user will always successfully reconstruct the correct secret within the optimal number of rounds,demonstrating strong robustness.